Skip to content

feat: calendar #774

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
coodos merged 7 commits into from
Feb 5, 2026
Merged

feat: calendar #774

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
963bf9e
feat: calendar
coodos Feb 5, 2026
652bdb4
fix: coderabbit suggestions
coodos Feb 5, 2026
40ead1d
chore: add calendar
coodos Feb 5, 2026
54abc93
fix: cal build
coodos Feb 5, 2026
ded01c5
fix: env var
coodos Feb 5, 2026
838d0c4
fix: env var
coodos Feb 5, 2026
ddaab65
feat: curr time
coodos Feb 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions platforms/calendar-api/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
{
"name": "calendar-api",
"version": "1.0.0",
"description": "W3DS auth and eVault-backed calendar events API",
"main": "dist/index.js",
"scripts": {
"start": "node dist/index.js",
"dev": "ts-node src/index.ts",
"build": "tsc"
},
"dependencies": {
"cors": "^2.8.5",
"dotenv": "^16.4.5",
"express": "^4.18.2",
"graphql-request": "^6.1.0",
"jsonwebtoken": "^9.0.2",
"signature-validator": "workspace:*",
"uuid": "^9.0.1",
"axios": "^1.6.7"
},
"devDependencies": {
"@types/cors": "^2.8.17",
"@types/express": "^4.17.21",
"@types/jsonwebtoken": "^9.0.5",
"@types/node": "^20.11.19",
"@types/uuid": "^9.0.8",
"ts-node": "^10.9.2",
"typescript": "^5.3.3"
}
}
25 changes: 25 additions & 0 deletions platforms/calendar-api/src/constants.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
export const CALENDAR_EVENT_ONTOLOGY_ID =
"880e8400-e29b-41d4-a716-446655440099";

const SESSION_TTL_MS = 5 * 60 * 1000; // 5 minutes

export interface StoredSession {
createdAt: number;
}

export const sessionStore = new Map<string, StoredSession>();

export function addSession(sessionId: string): void {
sessionStore.set(sessionId, { createdAt: Date.now() });
}

export function isSessionValid(sessionId: string): boolean {
const s = sessionStore.get(sessionId);
if (!s) return false;
if (Date.now() - s.createdAt > SESSION_TTL_MS) {
sessionStore.delete(sessionId);
return false;
}
sessionStore.delete(sessionId); // one-time use
return true;
}
136 changes: 136 additions & 0 deletions platforms/calendar-api/src/controllers/AuthController.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
import { Request, Response } from "express";
import { EventEmitter } from "events";
import { v4 as uuidv4 } from "uuid";
import jwt from "jsonwebtoken";
import { verifySignature } from "signature-validator";
import { isVersionValid } from "../utils/version";
import { addSession, isSessionValid } from "../constants";

const MIN_REQUIRED_VERSION = "0.4.0";
const JWT_EXPIRES_IN = "7d";

export class AuthController {
private eventEmitter = new EventEmitter();

getOffer = async (_req: Request, res: Response) => {
console.log("[auth] GET /api/auth/offer hit");
const baseUrl = process.env.NEXT_PUBLIC_CALENDAR_APP_URL;
if (!baseUrl) {
console.error("[auth] NEXT_PUBLIC_CALENDAR_APP_URL is not set");
return res.status(500).json({ error: "Server configuration error: NEXT_PUBLIC_CALENDAR_APP_URL not set" });
}

let redirectUri: string;
try {
redirectUri = new URL("/api/auth", baseUrl).toString();
} catch (err) {
console.error("[auth] Invalid NEXT_PUBLIC_CALENDAR_APP_URL:", baseUrl, err);
return res.status(500).json({ error: "Server configuration error: invalid base URL" });
}

const session = uuidv4();
addSession(session);
const offer = `w3ds://auth?redirect=${encodeURIComponent(redirectUri)}&session=${session}&platform=${encodeURIComponent(baseUrl)}`;
console.log("[auth] offer created, redirectUri=", redirectUri, "platform=", baseUrl);
res.json({ uri: offer, sessionId: session });
};

sseStream = async (req: Request, res: Response) => {
const { id } = req.params;
console.log("[auth] GET /api/auth/sessions/:id hit, sessionId=", id);
res.writeHead(200, {
"Content-Type": "text/event-stream",
"Cache-Control": "no-cache",
Connection: "keep-alive",
"Access-Control-Allow-Origin": "*",
});
const handler = (data: unknown) => {
res.write(`data: ${JSON.stringify(data)}\n\n`);
};
this.eventEmitter.on(id, handler);
const heartbeat = setInterval(() => {
try {
res.write(": heartbeat\n\n");
} catch {
clearInterval(heartbeat);
}
}, 30000);
req.on("close", () => {
clearInterval(heartbeat);
this.eventEmitter.off(id, handler);
res.end();
});
};

login = async (req: Request, res: Response) => {
console.log("[auth] POST /api/auth hit");
try {
const { ename, session, signature, appVersion } = req.body;
console.log("[auth] body: ename=", ename, "session=", session?.slice(0, 8) + "...", "appVersion=", appVersion, "signature present=", !!signature);

if (!ename) {
console.log("[auth] reject: ename missing");
return res.status(400).json({ error: "ename is required" });
}
if (!session) {
console.log("[auth] reject: session missing");
return res.status(400).json({ error: "session is required" });
}
if (!signature) {
console.log("[auth] reject: signature missing");
return res.status(400).json({ error: "signature is required" });
}

if (!isSessionValid(session)) {
console.log("[auth] reject: invalid or expired session");
return res
.status(400)
.json({ error: "Invalid or expired session", message: "Please request a new login offer." });
}

if (!appVersion || !isVersionValid(appVersion, MIN_REQUIRED_VERSION)) {
console.log("[auth] reject: app version too old", appVersion);
return res.status(400).json({
error: "App version too old",
message: `Please update eID Wallet to version ${MIN_REQUIRED_VERSION} or later.`,
});
}

const registryBaseUrl = process.env.PUBLIC_REGISTRY_URL;
if (!registryBaseUrl) {
console.log("[auth] reject: PUBLIC_REGISTRY_URL not set");
return res.status(500).json({ error: "Server configuration error" });
}

console.log("[auth] verifying signature with registry", registryBaseUrl);
const verificationResult = await verifySignature({
eName: ename,
signature,
payload: session,
registryBaseUrl,
});

if (!verificationResult.valid) {
console.log("[auth] reject: signature invalid", verificationResult.error);
return res.status(401).json({
error: "Invalid signature",
message: verificationResult.error,
});
}

const secret = process.env.JWT_SECRET || "calendar-api-dev-secret";
const token = jwt.sign(
{ ename },
secret,
{ expiresIn: JWT_EXPIRES_IN }
);

console.log("[auth] login success, ename=", ename);
this.eventEmitter.emit(session, { token });
res.status(200).json({ token });
} catch (error) {
console.error("[auth] login error:", error);
res.status(500).json({ error: "Internal server error" });
}
};
}
109 changes: 109 additions & 0 deletions platforms/calendar-api/src/controllers/EventsController.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,109 @@
import { Response } from "express";
import { EVaultService } from "../services/EVaultService";
import { AuthenticatedRequest } from "../middleware/auth";

const evaultService = new EVaultService();

export class EventsController {
list = async (req: AuthenticatedRequest, res: Response) => {
try {
const ename = req.user?.ename;
if (!ename) {
res.status(401).json({ error: "Unauthorized" });
return;
}
const first = Math.min(
parseInt(String(req.query.first), 10) || 100,
500
);
const after = (req.query.after as string) || undefined;
const events = await evaultService.listEvents(ename, first, after);
res.json(events);
} catch (error) {
console.error("List events error:", error);
res.status(500).json({
error: "Failed to list events",
message: error instanceof Error ? error.message : "Unknown error",
});
}
};

create = async (req: AuthenticatedRequest, res: Response) => {
try {
const ename = req.user?.ename;
if (!ename) {
res.status(401).json({ error: "Unauthorized" });
return;
}
const { title, color, start, end } = req.body;
if (!title || !start || !end) {
res.status(400).json({
error: "Missing required fields",
message: "title, start, and end are required",
});
return;
}
const event = await evaultService.createEvent(ename, {
title,
color: color ?? "",
start,
end,
});
res.status(201).json(event);
} catch (error) {
console.error("Create event error:", error);
res.status(500).json({
error: "Failed to create event",
message: error instanceof Error ? error.message : "Unknown error",
});
}
};

update = async (req: AuthenticatedRequest, res: Response) => {
try {
const ename = req.user?.ename;
if (!ename) {
res.status(401).json({ error: "Unauthorized" });
return;
}
const id = req.params.id;
const { title, color, start, end } = req.body;
const payload: Record<string, string> = {};
if (title !== undefined) payload.title = title;
if (color !== undefined) payload.color = color;
if (start !== undefined) payload.start = start;
if (end !== undefined) payload.end = end;
if (Object.keys(payload).length === 0) {
res.status(400).json({ error: "No fields to update" });
return;
}
const event = await evaultService.updateEvent(ename, id, payload);
res.json(event);
} catch (error) {
console.error("Update event error:", error);
res.status(500).json({
error: "Failed to update event",
message: error instanceof Error ? error.message : "Unknown error",
});
}
};

remove = async (req: AuthenticatedRequest, res: Response) => {
try {
const ename = req.user?.ename;
if (!ename) {
res.status(401).json({ error: "Unauthorized" });
return;
}
const id = req.params.id;
await evaultService.removeEvent(ename, id);
res.status(204).send();
} catch (error) {
console.error("Remove event error:", error);
res.status(500).json({
error: "Failed to delete event",
message: error instanceof Error ? error.message : "Unknown error",
});
}
}
}
54 changes: 54 additions & 0 deletions platforms/calendar-api/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
import dotenv from "dotenv";
import fs from "fs";
import path from "path";
import express from "express";
import cors from "cors";

// Load .env: try monorepo root, then calendar-api parent, then cwd (no fallback)
const candidates = [
path.resolve(__dirname, "../../../.env"), // repo root from dist/
path.resolve(__dirname, "../../.env"), // repo root from src/ or platforms/.env
path.resolve(process.cwd(), ".env"),
];
const envPath = candidates.find((p) => fs.existsSync(p));
if (envPath) {
dotenv.config({ path: envPath });
} else {
console.warn(
"No .env found at",
candidates.join(", "),
"- env vars must be set by shell or elsewhere"
);
}
import { AuthController } from "./controllers/AuthController";
import { EventsController } from "./controllers/EventsController";
import { authMiddleware } from "./middleware/auth";

const app = express();
const port = process.env.PORT ?? 4001;

app.use(
cors({
origin: true,
methods: ["GET", "POST", "PATCH", "DELETE", "OPTIONS"],
allowedHeaders: ["Content-Type", "Authorization"],
credentials: true,
})
);
app.use(express.json());

const authController = new AuthController();
const eventsController = new EventsController();

app.get("/api/auth/offer", authController.getOffer);
app.get("/api/auth/sessions/:id", authController.sseStream);
app.post("/api/auth", authController.login);

app.get("/api/events", authMiddleware, eventsController.list);
app.post("/api/events", authMiddleware, eventsController.create);
app.patch("/api/events/:id", authMiddleware, eventsController.update);
app.delete("/api/events/:id", authMiddleware, eventsController.remove);

app.listen(port, () => {
console.log(`Calendar API running on port ${port}`);
});
37 changes: 37 additions & 0 deletions platforms/calendar-api/src/middleware/auth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
import { Request, Response, NextFunction } from "express";
import jwt from "jsonwebtoken";

export interface AuthPayload {
ename: string;
}

export interface AuthenticatedRequest extends Request {
user?: AuthPayload;
}

export function authMiddleware(
req: AuthenticatedRequest,
res: Response,
next: NextFunction
): void {
const authHeader = req.headers.authorization;
if (!authHeader?.startsWith("Bearer ")) {
res.status(401).json({ error: "Missing or invalid Authorization header" });
return;
}

const token = authHeader.slice(7);
const secret = process.env.JWT_SECRET || "calendar-api-dev-secret";

try {
const decoded = jwt.verify(token, secret) as AuthPayload;
if (!decoded.ename) {
res.status(401).json({ error: "Invalid token payload" });
return;
}
req.user = { ename: decoded.ename };
next();
} catch {
res.status(401).json({ error: "Invalid or expired token" });
}
}
Loading